Bugtraq mailing list archives
Re: XFree86 vulnerability exploit
From: Adam Langley <agl () imperialviolet org>
Date: Fri, 13 Feb 2004 11:36:46 +0000
On Wed, Feb 11, 2004 at 11:09:00AM +0000, Bender wrote:
Below you can find a exploit for latest bug in XFree86 sofware. Tested on some versions of RedHat Linux (mainly 7.0). regards Bender execle("/usr/bin/X11/X","X",":0","-fp","/tmp",0,envp);
It's worth pointing out that this is still a problem for installations which do not have a SUID root. (For example, the X server is started by a display manager which is already root). If you can send commands to the X server you can: % xset +fp /path/to/bad/fontdir Which has the same effect (comfirmed). -- Adam Langley agl () imperialviolet org http://www.imperialviolet.org (+44) (0)7906 332512 PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
Current thread:
- XFree86 vulnerability exploit Bender (Feb 11)
- Re: XFree86 vulnerability exploit Adam Langley (Feb 13)